Re: Running a single thread as root...sort of.
- Subject: Re: Running a single thread as root...sort of.
- From: Glenn Andreas <email@hidden>
- Date: Thu, 24 Jun 2004 13:54:50 -0500
At 12:00 PM -0400 6/24/04, Huyler, Christopher M wrote:
> I have read most of the documentation on creating setuid-root helper
> tools but I would like to improve upon it by using Distributed Objects.
> Here's my thought:
>
> Create a helper tool in Cocoa that will authenticate and setuid-root
> itself but it will stay up as a service until it is told to shutdown.
> Then, once the user has authenticated, I can use Distributed Objects to
> send commands to it, rather than relaunching the tool over and over
> again. I have used Distributed Objects to create multiple threads in my
> Preference Pane...basically I want a thread that is running as root.
>
> Make sense?
> Is this possible?
> Has anyone done something similar?
> Are there security issues with this approach I should be aware of?
> Is there any sample code out there that could help me?

Threads don't run as users, processes run as users (be it root or
something else) so you can't actually have one thread run as root
while others run as the user.

Using DO to communicate with a daemon running as root (however it is
accomplished to run as root) seems pretty reasonable (and better than
running everything as root). Note that you want to make sure that
the daemon does all the checking on the input - not the "front end"
tool (since nothing stops another app from talking to your daemon
and sending it evil commands).

Just remember to make the daemon do the least possible (and "execute
this string as a shell command" would definitely not be "least
possible").

You'll probably also want to think through the issues of multiple
users running that tool (say, with fast user switching) and figure
out how to handle this (does it make sense to have multiple such
daemons running? Or just a single one? It all depends on the
application - though single ones are usually best).

You would probably also want to set the DO connection to only support
"local" connections as well (otherwise somebody across the net can
talk to your daemon).

--
Glenn Andreas email@hidden
mondo blobbo, Cythera, Theldrow, oh my!
Mad, Bad, and Dangerous to Know
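
One way the daemon-side checking described in this reply can look, as an added example that is not part of the original thread: the root daemon accepts only a fixed set of operations and validates every argument itself, with no fallback that runs a caller-supplied string. The verbs (`start`, `stop`, `set-port`), the line-based message format and the port range are assumptions for illustration, and the message is assumed to arrive over a local-only channel.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_REQ 64  /* assumed upper bound on one request line */

/* Hypothetical operations; the names are assumptions, not from the post. */
enum op { OP_REJECT = 0, OP_START, OP_STOP, OP_SET_PORT };
struct request { enum op op; int port; };

/* Runs inside the root daemon on every message, whoever sent it.
 * Returns 1 and fills *out only for one of the fixed operations with a
 * valid argument; anything else returns 0 and leaves op == OP_REJECT. */
int parse_request(const char *line, struct request *out)
{
    size_t len = 0, n = 0;
    long v = 0;

    out->op = OP_REJECT;
    out->port = 0;
    while (len < MAX_REQ && line[len] != '\0') len++;
    if (len == 0 || len == MAX_REQ) return 0;          /* empty or oversized */

    if (strcmp(line, "start") == 0) { out->op = OP_START; return 1; }
    if (strcmp(line, "stop") == 0)  { out->op = OP_STOP;  return 1; }
    if (strncmp(line, "set-port ", 9) == 0) {
        const char *p = line + 9;
        for (; p[n] != '\0'; n++) {                    /* digits only, max 5 */
            if (n >= 5 || !isdigit((unsigned char)p[n])) return 0;
            v = v * 10 + (p[n] - '0');
        }
        if (n == 0 || v < 1024 || v > 65535) return 0; /* unprivileged ports */
        out->op = OP_SET_PORT;
        out->port = (int)v;
        return 1;
    }
    return 0;   /* unknown verb: there is no "run this string" fallback */
}

int main(void)
{
    /* Constructed sample messages, as any local client could send them. */
    const char *samples[] = { "start", "set-port 8080", "set-port 80",
                              "set-port 8080; id", "start; touch /tmp/x" };
    struct request r;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i],
               parse_request(samples[i], &r) ? "accepted" : "rejected");
    return 0;
}
```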